CVE-2024-40684 IBM Operations Analytics - Log Analysis is affected by Weak Password Policy and Inadequate Account Lockout Mechanism

IBM Operations Analytics - Log Analysis 1.3.5.0, 1.3.5.1, 1.3.5.2, 1.3.5.3, 1.3.6.0, 1.3.6.1, 1.3.7.0, 1.3.7.1, 1.3.7.2, and 1.3.8.0, 1.3.8.1, 1.3.8.2, 1.3.8.3, 1.3.8.4 IBM SmartCloud Analytics - Log Analysis does not require that users should have strong passwords by default, which makes it easi...

WordPress plugin Nelio Popups 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

CVE-2024-39644

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Modernaweb Studio Black Widgets For Elementor allows Stored XSS.This issue affects Black Widgets For Elementor: from n/a through 1.3.5...

CVE-2025-10493 Chained Quiz <= 1.3.5 - Unauthenticated Insecure Direct Object Reference via Cookie

The Chained Quiz plugin for WordPress is vulnerable to Insecure Direct Object Reference in version 1.3.4 and below via the quiz submission and completion mechanisms due to missing validation on a user controlled key. This makes it possible for unauthenticated attackers to hijack and modify other...

WordPress Road Fighter Theme <= 1.3.5 - Sensitive Data Exposure Vulnerability

Sensitive Data Exposure Vulnerability discovered by Legion Hunter in WordPress Theme Road Fighter versions = 1.3.5...

WordPress Small Package Quotes – USPS Edition plugin <= 1.3.5 - Unauthenticated SQL Injection vulnerability

Unauthenticated SQL Injection vulnerability discovered by Colin Xu in WordPress Plugin Small Package Quotes – USPS Edition versions = 1.3.5...

WordPress plugin Content Security Policy Pro 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site request forgery vulnerability...

PT-2025-1920 · WordPress · The Coupon X: Discount Pop Up

Name of the Vulnerable Software and Affected Versions: The Coupon X: Discount Pop Up, Promo Code Pop Ups, Announcement Pop Up, WooCommerce Popups plugin for WordPress versions up to, and including, 1.3.5 Description: The issue is related to PHP Object Injection via deserialization of untrusted...

WordPress Grid Plus plugin <= 1.3.5 - Unauthenticated Arbitrary Shortcode Execution via grid_plus_load_by_category vulnerability

Unauthenticated Arbitrary Shortcode Execution via gridplusloadbycategory vulnerability discovered by Arkadiusz Hydzik in WordPress Plugin Grid Plus versions = 1.3.5...

CVE-2023-29237

Missing Authorization vulnerability in Muhammad Rehman Remove Duplicate Posts remove-duplicate-posts allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Remove Duplicate Posts: from n/a through = 1.3.5...

PT-2024-35260 · Unknown · Disable Admin Notices Individually

Name of the Vulnerable Software and Affected Versions: Disable Admin Notices individually versions 1.3.5 and earlier Description: The issue is a Cross-Site Request Forgery CSRF vulnerability, which allows an attacker to perform unauthorized actions on a user's account. This can be achieved by...

WordPress Move Addons for Elementor plugin <= 1.3.5 - Authenticated (Contributor+) Sensitive Information Exposure via Elementor Templates vulnerability

Authenticated Contributor+ Sensitive Information Exposure via Elementor Templates vulnerability discovered by Ankit Patel in WordPress Plugin Move Addons for Elementor versions = 1.3.5...

WordPress Schema & Structured Data for WP & AMP plugin <= 1.3.5 - Sensitive Data Exposure vulnerability

Sensitive Data Exposure vulnerability discovered by Joshua Chan Patchstack Alliance in WordPress Plugin Schema & Structured Data for WP & AMP versions = 1.3.5...

WordPress WP Popup Builder – Popup Forms and Marketing Lead Generation plugin <= 1.3.5 - Unauthenticated Arbitrary Shortcode Execution vulnerability

Unauthenticated Arbitrary Shortcode Execution vulnerability discovered by Francesco Carlucci in WordPress Plugin WP Popup Builder versions = 1.3.5...

PT-2024-29619 · Apache · Apache Answer

Name of the Vulnerable Software and Affected Versions: Apache Answer versions through 1.3.5 Description: The password reset link remains valid within its expiration period even after it has been used, potentially leading to misuse or hijacking. Recommendations: For Apache Answer versions through...

PT-2024-27664 · Unknown · Gum Elementor Addon

Name of the Vulnerable Software and Affected Versions: Gum Elementor Addon versions 1.3.5 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting XSS. This allows for Stored XSS attacks. Recommendations: For...

WordPress WP Directory Kit plugin <= 1.3.5 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Dimas Maulana Patchstack Alliance in WordPress Plugin WP Directory Kit versions = 1.3.5...

CVE-2023-22686

Cross-Site Request Forgery CSRF vulnerability in TriniTronic Nice PayPal Button Lite plugin = 1.3.5 versions...

sudo: bypass of tty_tickets constraints

sudo 1.3.5 through 1.7.10 and 1.8.0 through 1.8.5, when the ttytickets option is enabled, does not properly validate the controlling terminal device, which allows local users with sudo permissions to hijack the authorization of another terminal via vectors related to connecting to the standard...